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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to the amendment filed 09/30/20054. Claims 10 and 
12-32 have been amended; claim 1 1 has been cancelled. The specification has also 
been amended. 

Response to Arguments 

2. Applicant's arguments, see page 7, 3 rd paragraph, filed 09/30/2005, with respect 
to the rejections of claims 10 and 12-32 under 35 USC 101 for being not limited to 
statutory subject matters have been fully considered and are persuasive. The rejections 
of claims 10 and 12-32 under 35 USC 101 for being not limited to statutory subject 
matters have been withdrawn. 

3. Applicant's arguments, see page 7, 3 rd paragraph, filed 09/30/2005, with respect 
to the rejections of claims 30-32 under 35 USC 101 for claiming non-functional 
descriptive material have been fully considered but they are not persuasive. Although 
the claimed data structure comprises pieces of data having intended use, the data 
structure itself does not impart functionality when employed as a computer component. 

4. Applicant's arguments, filed 09/30/2005, have been fully considered but they are 
not persuasive. 
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Applicant argues that Swift (6,308,274) does not disclose a dynamic policy (page - 
8, 1 st paragraph). Swift discloses policy for controlling access to resources based on 
both static factors (e.g., user, group) and dynamic/changing factors (e.g. type of 
application, part of application, type of task) (col. 6, lines 16-27; col. 7, lines 51-61; col. 
13, lines 20-56). 

Regarding the features of claims 12 and 22 cited in page 8, 2 nd paragraph of the 
response, Swift discloses generating a restricted token which is an update of the client 
authorization context (figure 2) and identifying an allow access control entry as a 
callback access control entry that requires additional check (figure 6; col. 1 1 , lines 38- 
56). 

Applicant argues that Swift does not disclose a dynamic authorization callback 
mechanism and a dynamic group element. Swift authorization mechanism requires 
additional check of dynamic data such as type of application, part of application, type of 
task. Swift also discloses in figure 2 that the access right associated with Group2 SID 
has been changed from ALLOW to DENYONLY in the restricted token. As such, a 
dynamic group element has been created. 

Applicant argues that Swift is silent on a "callback access control entry" for 
"dynamic access check policies" (page 9, next to last paragraph). Swift discloses using 
access control entries (ACEs) in an access control list (ACL) to control access to a 
resource. Specifically, Swift discloses that if an allow access control entry is matched, 
additional test is required to check dynamic factors such as the type of application, 
which part of application, the type of task (col. 6, lines 16-27; col. 7, lines 51-61; col. 11, 
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lines 38-56; col. 13, lines 20-56). Inherently, Swift's allow access control entry has an 
identifier so that it can be distinguished from a deny access control entry. Swift further 
discloses that an allow access control entry comprises dynamic authorization policy 
data (Boolean expression to specify dynamic access condition) (col. 1 1 , lines 38-56). 
Therefore, Swift's allow access control entry reads on the claimed callback access 
control entry. 

Priority 

5. Acknowledgment is made of applicant's claim for priority under 35 U.S.C. 1 19(e) 
to U.S. Provisional Application No. 60/214,811. 

Claim Rejections - 35 USC § 101 

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

7. Claims 30-32 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Regarding claim 30, it is directed to a data 
structure comprising an identifier for identifying the data structure and authorization 
policy data, which both are data. Since the data structure itself does not impart 
functionality when employed as a computer component, the claimed subject matter is 
nonfunctional descriptive material and is non-statutory. 
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Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1-10 and 12-32 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Swift (6,308,274). 

The applied reference has a common assignee with the instant application. 
Based upon the earlier effective U.S. filing date of the reference, it constitutes prior art 
under 35 U.S.C. 102(e). This rejection under 35 U.S.C. 102(e) might be overcome 
either by a showing under 37 CFR 1 .132 that any invention disclosed but not claimed in 
the reference was derived from the inventor of this application and is thus not the 
invention "by another," or by an appropriate showing under 37 CFR 1 .131 . 

Regarding claims 1 , 3-4, 10-15 and 22, Swift discloses a method for dynamically 
managing access to a resource in a computer system having a client making a request 
for the resource, the method comprising: 

computing a client authorization context after the request for the resource 
is received from the client (col. 4, lines 46-55); 

determining, via an application programming interface, based upon 
dynamic data and first dynamic policy whether the client authorization context is to be 
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updated, wherein said first dynamic policy is tailored to an application through which the 
resource is accessed (col. 6, line 5 - col. 7, line 35); 

updating the client authorization context according to said determination 
(col. 6, line 5 - col. 7, line 35); 

comparing the client authorization context to at least one access control 
entry of an access control list (col. 7, lines 51-61); 

identifying an access control entry as an access control entry of type allow 
and when the allow access control entry applies in access evaluation, dynamic access 
check using dynamic data is automatically invoked (col. 5, lines 2-11; col. 7, lines 51-61; 
col. 1 1, lines 21-65), the allow access control entry being functionally equivalent to a 
callback access control entry; and 

in response to identifying the access control entry as a callback access 
control entry, evaluating, via said application programming interface, based upon the 
dynamic data and the second dynamic policy whether said allow access control entry 
bears on said access request, wherein said second dynamic policy is tailored to said 
application (col. 5, lines 2-11; col. 7, lines 51-61; col. 11, lines 21-65). 
Regarding claim 2, Swift further discloses that the first dynamic policy defines flexible 
rules for determining the client authorization context (col. 6, lines 5-27; col. 12, lines) 
and wherein said second dynamic policy defines flexible rules for purposes of 
determining access privileges (col. 7, lines 51-61; col. 11, lines 21-65). 

Regarding claims 5, 1 6 and 23, Swift further discloses that the evaluating based 
upon dynamic data includes invoking an application-defined dynamic access check 
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routine that performs based in part upon dynamic data such as a Boolean expression in 
the access control list, the Boolean expression indicating a condition for granting access 
to the resource (col. 1 1 , lines 21-65; col. 12, lines 46-67). Since access is evaluated 
using data in each access control entry, inherently, the Boolean expression is part of the 
callback access control entry. 

Regarding claims 6, 17 and 24, Swift further discloses that the access check 
routine is invoked automatically when there is a match between an identifier in the client 
authorization context and an identifier in the callback access control entry (col. 7, lines 
51-61; col. 11, lines 21-65). 

Regarding claims 7 and 18, Swift further discloses registering with the operating 
system, which is the resource manager of the computer system, an application-defined 
routine for determining dynamic groups (col. 6, lines 38-47; col. 12, lines 36-67). 

Regarding claims 8 and 19, Swift further discloses an application-defined routine 
for determining dynamic access checks is performed by the security mechanism in the 
kernel (col. 11, lines 10-20). Inherently, the routine is registered with the operating 
system, which is the resource manager of the computer system. 

Regarding claims 9, 21 and 25, Swift further discloses that the evaluating based 
upon dynamic data and second dynamic policy supplements a determination of access 
rights based upon static data and policy (col. 1 1 , lines 38-56). 

Regarding claim 20, Swift further discloses comparing data to a client 
authorization context determined based upon static data and policy before determining 
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whether the client authorization context is to be updated (col. 7, lines 5-22; col. 8, lines 
8-17). 

Regarding claim 26, Swift discloses for an application in a computer system 
having a resource manager that manages and controls access to a resource, carrying 
out a dynamic authorization callback mechanism that provides extensible support for 
application-defined business rules via a set of APIs and DACLS including a dynamic 
groups element, which enables an application to assign temporary group membership, 
based on dynamic factors, to a client for the purpose of checking access rights (col. 5, 
lines 2-28; col. 6, lines 15-27; col. 7, lines 5-22; col. 8, lines 30-60; col. 11, lines 10-56). 

Regarding claim 27, Swift further discloses a dynamic access check element, 
which enables an application to perform dynamic access checks, via DACLS and APIs, 
said dynamic access checks being customized to the application (col. 13, lines 20-56). 

Regarding claim 28, Swift further discloses that the dynamic groups element and 
a dynamic access element are performed at the operating system level (col. 13, lines 
20-56). Inherently the elements are registered with the operating system which is the 
resource manager of the computer system. 

Regarding claim 29, Swift further discloses that the dynamic groups element and 
a dynamic access element utilize dynamic data related to client operation (col. 12, lines 
46-59; col. 13, lines 20-43). 

Regarding claim 30, Swift discloses a data structure stored on a computer 
storage medium for use in connection with dynamic access check determinations for an 
application in a computer system, the data structure comprising: an identifier for 
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identifying the data structure as an allow access control entry (col. 5, lines 2-11). Swift 
discloses that when a deny access control entry applies, no further testing is necessary 
but when an allow access control entry applies, dynamic access check using dynamic 
data is automatically invoked (col. 5, lines 2-11; col. 7, lines 51-61; col. 11, lines 21-65); 
therefore, the allow access control entry meets the limitation of a callback access 
control entry. 

Swift discloses storing in an access control list dynamic authorization policy data 
in a format tailored to the application to handle access request (col. 1 1 , lines 47-56; col. 
12, lines 36-67). Since the dynamic authorization policy data indicates an allowable 
condition, inherently, it is part of the allow access control entry. 

Regarding claim 31 , Swift further discloses that the data structure comprises a 
security identifier for an access privilege check (fig. 5, element 80; col. 5, lines 2-11). 

Regarding claim 32, Swift further discloses that the data structure comprises a 
list of access permissions for allowing access to a resource (fig. 5, element 80; col. 5, 
lines 2-11). 

Conclusion 

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 571-272-3802. 
The examiner can normally be reached on Mon-Fri: 10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). 
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